As the insurance industry continues to digitize, companies are facing new threats from cybercriminals looking to make a profit by stealing insurance benefits or entitlements. Insurance fraud adds up to $40 billion in losses per year, costing the average American family $400-$700 in increased premiums, the FBI reports.
The sharp increase makes it clear that traditional methods of insurance fraud prevention are no longer effective. Passwords and two-factor authentication are unable to stop criminals, who are submitting fraudulent applications by using stolen or synthetic identities, taking over legitimate accounts to make false claims, or changing payee information to divert insurance funds.
We now live in the age of cybercrime, and insurance companies need authentication and detection solutions that can spot and stop fraud in real-time.
Types of Online Insurance Fraud
Offering services online is a huge benefit to the customer experience, introducing speed and ease to account openings, submitting claims, and more. That speed and digital setting, however, increase the risk of insurance fraud by reducing the amount of time available to detect anomalies. Fraud is now happening in the moment, through activities such as new account fraud, social engineering, remote access, and payment hijacking.
Stolen/Synthetic Identities for Fraudulent Policy Applications
Fraudsters create identities from stolen personal information and false details, combining a real social security number with a fake name, address, date of birth, and contact information, for example. The fraudster can then proceed to apply for an insurance policy with the forged identity.
Account Takeover and False Insurance Claims
Using social engineering schemes, malware and remote access tools, fraudsters can take over insurer or policyholder accounts in digital channels with the aim of filing false insurance claims. These claims may include: automobile property, personal injury, workers' compensation, health/residential and commercial property claims.
Payee Information Changes for Payment Hijacking
Another common attack method is payment hijacking, where cybercriminals take over the payroll system linked to the insurance platform, changing payee information in order to receive insurance funds intended for a genuine policy holder.
The Three Keys to Insurance Fraud Prevention with Behavioral Biometrics
Similar to how behavioral biometrics has helped the banking industry to detect and prevent fraud, the technology can serve the same measures for insurance fraud prevention by monitoring account sessions, claims payments, and any actions requiring money transfers.
BioCatch focuses on providing three main tenets when it comes to insurance fraud prevention: less fraud, less friction, and improved experiences for security and fraud teams. Together, they provide companies with more security and the ability to offer an improved user experience.
Behavioral biometrics technology is extremely accurate at distinguishing between fraudsters and legitimate users. Using continuous authentication, BioCatch develops user profiles of identifying information, such as user swipe patterns. If these swipe patterns begin to differ because a fraudster has taken over an account, behavioral biometrics recognizes the change and sends an alert that fraudulent activity is underway. With similar methods, behavioral biometrics can prevent account takeover and the use of stolen identities in real-time, resulting in less overall insurance fraud for companies and their customers.
For example, social engineering scams are one type of insurance fraud behavioral biometrics can uniquely address. In these scams, a fraudster calls pretending to be an insurance company or payroll provider and asks for personal account information or access to an individual’s computer. With access to this information, a fraudster can change the account insurance money is going to, stealing it from the rightful recipient.
Behavioral biometrics, however, knows how an individual customer acts based on user profiles and can detect when they are being manipulated by a social engineering scheme. If a customer is being prompted to act by a fraudster, they enter information differently or make unusual hesitations. And, if they unwittingly give a fraudster permission to access their screen, the fraudster will behave differently than the customer, and behavioral biometrics will flag the suspicious activity for the insurance company. The real insurance company can then call and ask their customer if they are completing the actions on their account, stopping fraud in real time.
Less friction is all about creating a better online experience for a company’s users. Passwords and two-factor authentication may make consumers feel secure, but they’re not actually as secure as they seem. Hackers know how to get around these traditional authentication methods, and these forms of authentication also require extra work for users.
Whenever a user is on a session, behavioral biometrics technology continuously monitors their actions to ensure normal activity is taking place. If activity deviates from the normal user profile, the system picks up on the change and flags it as fraud.
For example, if someone logs in to check the status of their insurance claim, but then forgets to logout of their account, continuous authentication is still underway. If a fraudster began using that account, behavioral biometrics would detect the change in behavior. This is different from one-time authentication, such as passwords. Continuous authentication will always be monitoring a session, authenticating the user no matter what is happening, what actions they’ve taken, or what part of the session they’re in.
More Robust Insurance Apps
Often companies forgo adding a new solution or feature to their online platform because of the huge security challenges presented by implementation. The BioCatch platform is made up of several easy to implement components that enable behavioral data collection from web and mobile browsers and applications. Continuous behavioral data collection produces real-time risk scores and behavioral insights as defined by internal fraud teams. Companies don’t need multiple logins or other authentication measures to determine how to authenticate users. BioCatch works within a company’s existing tech stack, offering individualized solutions for insurance fraud prevention for each company.
Interested in learning more about insurance fraud prevention with behavioral biometrics? Our co-founder and Head of Cyber Strategy, Uri Rivner, provided in depth information and analysis in a webinar on the topic. Access the webinar on-demand here.